Navigate

CCI-001417

CCI-001417 Definition

The organization defines security policy filters to be enforced by the information system and used as a basis for flow control decisions.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

The organization being inspected/assessed defines and documents security policy filters to be enforced by the information system and used as a basis for flow control decisions. DoD has determined the security policy filters are not appropriate to define at the Enterprise level.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the documented security policy filters to ensure the organization being inspected/assessed defines security policy filters to be enforced by the information system and used as a basis for flow control decisions. DoD has determined the security policy filters are not appropriate to define at the Enterprise level.

Compelling Evidence

1.) Signed and dated documentation that defines the security policy filters to be enforced by the system and used as a basis for flow control decisions.

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-001417.

Control	Description
AC-4 (8)	The information system enforces information flow control using [Assignment: organization-defined security policy filters] as a basis for flow control decisions for [Assignment: organization-defined information flows].